Reverse Engineering and Exploiting Builds in the Cloud

Conference: BlackHat EU 2019



The presentation discusses the challenges of supply chain security in multi-tenant environments and highlights the importance of understanding container technology and underlying concepts to secure or compromise an environment.
  • Supply chain security is hard in multi-tenant environments
  • Understanding container technology and underlying concepts is crucial
  • Simple components bundled in containers can compromise an environment
  • Multi-tenancy is hard; make everything ephemeral
  • Open source tools like Breakout the Box and Terrier can automate common container escapes
  • Sharing research publicly is important
The presenters discuss the concept of 'evil forks': an attacker forks a legitimate repo and makes a commit or push to the fork, and that change is executed inside the legitimate repo's CI environment, resulting in leaked tokens and other security issues.


Continuous Integration, Delivery, and Deployment (CI/CD) and containers are common terms in today’s IT landscapes and core approaches for modern software development and operation. We will give a short, to-the-point introduction of CI/CD with regard to building containers for hackers, auditors, and everyone involved in the SDLC process. Based on this understanding, we will describe and demo various security pitfalls of multi-tenant cloud build environments which provide container-based build environments. The demos presented are based on real-world examples that were identified during the assessment of various cloud container build systems. Several new and lesser-known attack vectors and their associated remediations will be covered.